SOI 



;0 



Box PATENT APPLICATION 

Assistant Commissioner for Patents 
Washington, D.C. 20231 

Dear Sir: 

Transmitted herewith for filing is the Patent Apphcation of : 

Inventor(s): Kraft, et al. 

Title: Dynamically Adj ustable Software Encryption 

Enclosed are: 
X Patent Specification and J_ Declaration(s). 
2 sheets of drawing(s). (Informal) 



Docket Number: AT9-99-288 
Express Mail Label No: '^^^\<H7L^ij^Uo\ jS 
Date: \r\fnf^^f 



o 



Q<T\ 

o 



a* 

=\ 
at*" 
=o 
=\ 

so 



X 
X 



An assignment of the invention to International Business Machines Corporation (includes Recordation 
Form Cover Sheet). 



A certified copy of a 



application. 



Information Disclosure Statement, PTO 1449 and copies of references. 

The filing fee has been calculated as shown below: 



For 


No. Filed 


Rate 




Fee 


Basic Fee 




760.00 




760.00 


Claims 


24 - 20 X 


18.00 




72.00 


Ind. Claims 


3-3x 


78.00 




.00 


Mult. Dep. Claims 


Ox 


260.00 




0.00 


Total Fee 








832.00 



X Please charge my Deposit Account No. 09-0447 in the amount of $ 832.00 . A duplicate copy of this sheet 
is enclosed. 

X The Commissioner is hereby authorized to charge payment of the following fees associated with this 
communication or credit any overpayment to Deposit Account 09-0447 . A duplicate copy of this sheet is 
enclosed. 

X Any additional filing fees required under 37 CFR 1.16. 
X Any patent application processing fees under 37 CFR 1.17. 

Respectfully submitted, 



( If' / 



By \ ^yy^-v^^; IV ■ ^ 

Registration No. "^.g^LfqCj 
Intellectual Property Law Dept. 
IBM Corporation 
1 1400 Burnet Road, Zip 4054 
Austin, Texas 78758 
Telephone (512) 823- iOH 



AT9-99-288 



1 Docket No: roM.5158 

DYNAMICALLY ADJUSTABLE SOFTWARE ENCRYPTION 

BACKGROUND 



5 1. Field of the Present Invention 

The present invention relates to the field of software encryption and more particularly to a 
system and method of determining software encryption levels based on geographical location. 

10 2. History of Related Art 

1 Encryption of software is used in a variety of applications in which data or other 

^% information is transmitted over or stored on an un-secure medium such as, for example, the 

W internet. In many nations, the encryption of software is subject to governmental regulation. 

Id 15 Software for use in the U.S. and Canada, for example, may utilize 128-bit encryption while 
French authorities prohibit software encryption levels in excess of 40 bits. As a result of varying 
governmental regulations, software manufacturers are frequently required to manufacture and 
Hi sell at least three versions of encrypted software to meet the restrictions of U.S., French, and 

i^p European encryption regulations. Maintaining and mass producing three or more versions of 

20 every application program that utihzes encryption presents a highly undesirable administrative 
and manufacturing burden on software manufacturers. Therefore, it is highly desirable to 
implement a mechanism by which a single piece of software can be distributed in any geographic 
region regardless of the region's encryption regulations. 

25 SUMMARY OF THE INVENTION 



The identified problem is, in large part, addressed by a method for dynamically adjusting 
the encryption level based on geographic location. Broadly speaking, the method includes an 
initial step of determining a geographic location associated with the software program. An 
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encryption level is selected based upon the determined geographic location. The software 
program is then executed utilizing the selected encryption level. In one embodiment, 
determining the geographic location is achieved by determining the geographic location of a 
computer system on which the software program will be executed, preferably through the use of 
5 a Global Positioning System (GPS). The GPS may comprise an I/O device of the computer 
system on which the software executes. In one embodiment, the selected encryption level may 
be overridden by a Smart Card or other secure device connected to the computer system. In one 
embodiment, the available encryption levels include, at a minimum, a U.S. encryption level, a 
non-French European encryption level, and a French encryption level. 

10 

S BRIEF DESCRIPTION OF THE DRAWINGS 

4^; Other objects and advantages of the invention will become apparent upon reading the 

UJ 15 following detailed description and upon reference to the accompanying drawings in which: 

FIG 1 is a simplified block diagram of a computer system suitable for use with one 
0 embodiment of the present invention; and 

20 FIG 2 is a flow diagram of an encryption method according to one embodiment of the 

present invention. 

While the invention is susceptible to various modifications and alternative forms, specific 
embodiments thereof are shown by way of example in the drawings and will herein be described 
25 in detail. It should be understood, however, that the drawings and detailed description presented 
herein are not intended to limit the invention to the particular embodiment disclosed, but on the 
contrary, the intention is to cover all modifications, equivalents, and alternatives falling within 
the spirit and scope of the present invention as defined by the appended claims. 
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DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT 
OF THE PRESENT INVENTION 

5 Turning now to the drawings, FIG 1 is a simplified block diagram of a computer system 

100 suitable for use with one embodiment of the invention. Computer system 100 includes one 
or more processors 102a...l02ii (generically or collectively referred to herein as processor(s) 
102). Processors 102 may comprise any of a variety of commercially distributed processors such 
as, for example, RS6000, PowerPC, 68000, and x86 compatible processors. A system memory 

10 104 is accessible to processors to 102 via a host bus 106. Processors 102 execute software 
programs that are stored in system memory 104. A host bridge 108 provides an interface 
between a host bus 106 and a peripheral bus 110. Peripheral bus 110 is preferably compliant 
with an industry standard I/O bus such as, for example, a PCI, AGP, EISA, ISA, or other suitable 
bus. In one presently preferred embodiment, I/O bus 110 is comphant with Rev. 2.2 or later of 

15 the PCI local bus specification available fi-om the PCI Special Interest Group (www.pcisig.com) 
and incorporated by reference herein. I/O bus 110 provides a standardized bus to which a variety 
of I/O adapters can be attached to expand the capabilities of computer system 100. The 
embodiment of computer system 100 depicted in FIG 1 includes, as examples, a modem device 
112 for enabling computer system 100 to communicate via an external phone line and a network 

20 adapter 114 that enables computer system 100 to communicate with one or more like computer 
systems. Computer system 100 according to the present invention fiirther includes a Global 
Positioning System (GPS) adapter or device 120. GPS 120 includes facilities for determining the 
geographic location in which computer system 100 physically resides. GPS 120 as depicted in 
FIG 1 further includes an I/O bus interface for communicating this geographic information via 

25 I/O bus 110. In one embodiment, GPS 120 comprises a PCI compatible GPS adapter. PCI 
compatible GPS adapters suitable for use as GPS 120 are commercially distributed by a number 
of vendors at a relatively inexpensive cost. 



One embodiment of the present invention contemplates a set of computer instructions 
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encoded on a computer readable medium. When the instructions are being executed by 
processors 102, the instructions typically reside in system memory 104. At other times, the 
computer instructions may reside on a hard disk (not depicted) connected to I/O bus 110 via a 
hard disk controller, a floppy diskette, a non-volatile memory device such as an EPROM or a 
5 flash memory device. In the preferred embodiment, the computer instructions include 
instructions suitable for executing the method 200 depicted in FIG 2. Method 200 includes a 
step 202 in which geographic location information, such as the output of a GPS, is detected. In 
one embodiment, the GPS detection in step 202 occurs as an initial step in the execution of a 
software program such that the software program determines the geographic location of the 

10 system on which the software is executing. In response to determining the geographic location in 
step 202, an encryption level indicator is set in step 204. The encryption level is set, in one 
embodiment, based upon a value in a look-up table that associates particular encryption levels 
with specified geographic locations. If the GPS signal detection in step 202 indicates that the 
software is executing in France, for example, the encryption level indicator set in step 204 is set 

15 based upon a value in a look-up table which associates geographical location of France with a 
40-bit encryption level. If a software program including facilities for executing method 200 
according to the present invention is later invoked in the United States or Canada, the GPS signal 
in step 202 will result in the setting of encryption level indicator in step 204 to a 128-bit 
encryption. Based upon the setting in the encryption level indicator, data transmitted by the 

20 software program will be encrypted with the appropriate encryption level. The ability to 
determine at execution time the appropriate level of encryption based upon the geographic 
location enables software manufacturers to produce and distribute a single version of a particular 
software application or operating system on a global scale. In the absence of such a facility, the 
manufacturer is typically required to produce, maintain, and distribute various versions of the 

25 software each version essentially identical to the other except for the level of software 
encryption. As will be appreciated to those familiar with computer software programming, 
maintaining multiple versions of a single software appHcation is highly undesirable. Almost 
without exception, software programs generally require modifications or updates. If an 
application is distributed in multiple versions depending upon geography, what would otherwise 
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be a relatively routine software update procedure might present a significant and unnecessary 
administrative burden to incorporate the update in each of existing versions of the software. In 
addition, enforcement of existing software encryption regulations is difficult if not impossible to 
accomplish in a reUable fashion by simply requiring that the original purchaser or user of the 
5 software be located in a geographic region suitable for the level of encryption that is purchased 
or downloaded. If a desk top or lap top computer is relocated from a country in which one level 
of encryption is mandated to a country in which a second level of encryption is used, there is a 
significant likelihood that software appropriate for use in the first country might be inappropriate 
for use in the second country. In contrast, the dynamic encryption level detection enabled by 
10 tying the encryption level to the output of a GPS device ensures that the appropriate encryption 
level is maintained. 

M Returning now to FIG 1, one embodiment of computer system 100 farther includes a 

13 Smart Card 122 that may be coupled to computer system 100 via I/O bus 110. Preferably, Smart 

'fi 15 Card 122 includes a suitable storage facility (memory) and built-in logic to control access to the 
;= memory. In the preferred embodiment. Smart Card 122 can be set to write protect some or all of 

□ the memory array and can be configured to restrict access to both reading and writing through the 

y use of a password or system key all as is well known in the field of Smart Card devices. Smart 

Card 122 provides the abiUty to override the encryption level indicated by the geographic 
20 location. Users of software in a foreign embassy, for example, may be entitled to use a higher 
level of encryption then the level of encryption permitted by the country in which the embassy 
resides. In one embodiment, for example, the software program would detect the presence of 
Smart Card 122 and prompt the user for a password or system key. In response to receiving the 
appropriate key or password from the user, the geographically determined encryption level can 
25 be overridden. The use of a Smart Card to selectively override the geographically determined 
encryption level extends the flexibiUty of system 100 while maintaining adequate security 
measures to enforce the GPS determined encryption level. 



Returning to the flow diagram of Fig 200, one embodiment of method 200 includes a step 
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206 in which an encryption level override indicator is queried. If the encryption level override 
indicator is appropriately set, the geographically determined encryption level is overridden and 
an encryption level based upon some other selection criteria such as, for example, a user 
selectable encryption level is utilized. In an embodiment, in which the encryption level override 
is accomplished through the use of Smart Card 122 as discussed previously, method 200 may 
further include a step (not explicitly indicated in FIG 2) of querying the user for a password or 
system key. If the appropriate password or key is not provided, the geographically determined 
encryption level is maintained. After appropriate setting of the encryption level, the remaining 
portions of the software appUcation are executed (step 210) using the encryption level set in 
either step 204 or 208. 

It will be apparent to those skilled in the art having the benefit of this disclosure that the 
present invention contemplates the dynamic adjustment of software encryption based upon the 
geographic location in which the software is executing. It is understood that the form of the 
invention shown and described in the detailed description and the drawings are to be taken 
merely as presently preferred examples. It is intended that the following claims be interpreted 
broadly to embrace all the variations of the preferred embodiments disclosed. 
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WHAT IS CLAIMED IS: 

1 . An encryption method, comprising: 

5 determining a geographic location associated with a software program; 

selecting an encryption level based upon the determined geographic location; and 
executing the software program utilizing the selected encryption level. 

10 

2. The method of claim 1, wherein determining the geographic location comprises determining 
^=0 the geographic location of a computer system on which the software program will be executed. 

i lf 3. The method of claim 1, wherein determining the geographic location comprises receiving 
■ 15 information from a Global Positioning System. 

C3 4. The method of claim 3, wherein the Global Positioning System comprises an I/O device of a 

ri computer system on which the software will execute. 

20 5. The method of claim 1, ftirther comprising, overriding the selected encryption level 
responsive to receiving an encryption override signal. 

6. The method of claim 1, wherein the encryption override signal is received from a Smart Card 
I/O device of a computer system on which the software program will execute. 

25 

7. The method of claim 1, wherein selecting an encryption level comprises selecting an 
encryption level from a set of encryption levels including at least a U.S. encryption level 
corresponding to a U.S. geographic location, a European encryption level corresponding to a 
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non-French European geographic location, and a French encryption level corresponding to a 
French geographic location. 

8. The method of claim 7, wherein the U.S. encryption level comprises a 128-bit encryption 
5 level. 

9. The method of claim 7, wherein the French encryption level comprises a 40-bit encryption 
level. 

10 10. A computer system, comprising: 

a set of processors comprising at least one processor; 

a system memory accessible to the set of processors via a host bus; 

15 

an host bridge coupled between the host bus and an I/O bus; and 

a geographic locator adapted to communicate with the host bus via the I/O bus; 

20 wherein the system memory is configured with a set of instructions executable by the set 

of processors, the set of instructions comprising: 

means for determining the geographic location of the computer system from the 
geographic locator; 

25 

means for selecting an encryption level based on the determined geographic location; and 
means for utilizing the selected encryption level when executing the set of instructions. 
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11. The computer system of claim 10, wherein the geographic locator comprises a Global 
Positioning System. 

12. The computer system of claim 11, wherein the I/O bus comprises a PCI compliant I/O bus 
5 and wherein the Global Positioning System comprises a PCI compatible I/O device connected to 

the I/O bus. 

13. The computer system of claim 10, wherein the set of computer instruction further comprise, 
means for overriding the selected encryption level responsive to receiving an encryption override 

10 signal. 

14. The computer system of claim 13, wherein the encryption override signal is received from a 
Smart Card FO device of the computer system. 

15 15. The computer system of claim 10, wherein the means for selecting an encryption level 
comprises means for selecting an encryption level from a set of encryption levels including at 
least a U.S. encryption level corresponding to a U.S. geographic location, a European encryption 
level corresponding to a non-French European geographic location, and a French encryption 
level corresponding to a French geographic location. 

20 

16. The computer system of claim 15, wherein the U.S. encryption level comprises a 128-bit 
encryption level and the French encryption level comprises a 40-bit encryption level. 

17. A computer program product, comprises a computer readable medium configured with a set 
25 of computer readable instructions, the set of instructions comprising: 



means for determining a geographic location associated with a software program; 
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means for selecting an encryption level based upon the determined geographic location; 
and 



means for executing the software program utilizing the selected encryption level. 

5 

18. The computer program product of claim 17, wherein determining the geographic location 
comprises deteraiining the geographic location of a computer system on which the software 
program will be executed. 

10 19. The computer program product of claim 17, wherein determining the geographic location 
comprises receiving information from a Global Positioning System. 

20. The computer program product of claim 19, wherein the Global Positioning System 
comprises an I/O device of a computer system on which the software will execute. 

15 

21. The computer program product of claim 17, fiirther comprising, overriding the selected 
encryption level responsive to receiving an encryption override signal 

22. The computer program product of claim 17, wherein the encryption override signal is 
20 received from a Smart Card I/O device of a computer system on which the software program will 

execute. 

23. The computer program product of claim 17, wherein selecting an encryption level comprises 
selecting an encryption level from a set of encryption levels including at least a U.S. encryption 

25 level corresponding to a U.S. geographic location, a European encryption level corresponding to 
a non-French European geographic location, and a French encryption level corresponding to a 
French geographic location. 
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24. The computer program product of claim 23, wherein the U.S. encryption level comprises a 
128-bit encryption level and the French encryption level comprises a 40-bit encryption level. 
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DYNAMICALLY ADJUSTABLE SOFTWARE ENCRYPTION 

ABSTRACT 

5 A method, system, and computer program product for dynamically adjusting the 

encryption level based on the geographic location of a software program are disclosed. The 
method includes an initial step of determining a geographic location associated with the software 
program. An encryption level is selected based upon the determined geographic location. The 
software program is then executed utihzing the selected encryption level. In one embodiment, 

10 determining the geographic location is achieved by determining the geographic location of a 
computer system on which the software program will be executed, preferably through the use of 
a Global Positioning System. The Global Positioning System may comprise an I/O device of the 
computer system on which the software executes. In one embodiment, the selected encryption 
level may be overridden by a Smart Card or other secure device connected to the computer 

15 system. In one embodiment, the available encryption levels include, at a minimum, a U.S. 
encryption level, a non-French European encryption level, and a French encryption level. 
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DECLARATION AND POWER OF ATTORNEY FOR 
PATENT APPLICATION 

As a below named inventor, I hereby declare that: 

My residence, post office and citizenship are as stated below next to my name; 

I believe I am the original, first and sole inventor (if only one name is listed below) or an 
original, first and joint inventor (if plural names are listed below) of the subject matter which is claimed 
and for which a patent is sought on the invention entitled Dynamically Adjustable Software 
Encryption . 

the specification of which: 

X is attached hereto. 

was filed on as Application Serial No. 

and was amended on 

(if applicable) 

I hereby state that I have reviewed and understand the contents of the above identified specification, 
including the claims, as amended by any amendment referred to above. 

I acknowledge the duty to disclose information which is material to the patentability of this application 
in accordance with Title 37, Code of Federal Regulations, 1.56. 

I hereby claim foreign priority benefits under Title 35, United States Code, 119 of any foreign 
application(s) for patent or inventor's certificate listed below and have also identified below any foreign 
application for patent or inventor's certificate having a filing date before that of the application on 
which priority is claimed: 

PRIOR FOREIGN APPLICATION(S) Priority Claimed 



N/A Yes/No 

(Number) (Country) (Date Filed) 

N/A Yes/No 

(Number) (Country) (Date Filed) 



I hereby claim the benefit under Title 35, United States Code, 120 of any United States application(s) 
listed below and, insofar as the subject matter of each of the claims of this application is not disclosed 
in the prior United States application in the manner provided by the first paragraph of Title 35, United 
States Code, 112, I acknowledge the duty to disclose information which is material to the patentability 
of this application as defined in Title 37, Code of Federal Regulations, 1.56, which occurred between 
the filing date of the prior application and the national or PCT international filing date of this 
application: 

N/A 

(Application Serial No.) (Filing Date) (Status) 

N/A 

(Application Serial No.) (Filing Date) (Status) 
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I hereby declare that all statements made herein of my own knowledge are true and that all statements 
made on information and belief are believed to be true; and further that these statements were made 
with the knowledge that willful false statements and the like so made are punishable by fine or 
imprisonment, or both, under Section 1001 of Title 18 of the United States Code and that such willful 
false statements may jeopardize the validity of the application or any patent issued thereon. 

POWER OF ATTORNEY: As a named inventor I hereby appoint the following attorneys and/or 
agents to prosecute this application and transact all business in the Patent and Trademark Office 
connected therewith. 



John W. Henderson, Jr., Reg. No. 26,907; James H. Barksdale, Jr., Reg. No. 24,091; Thomas E. 
Tyson, Reg. No. 28, 543; Robert M. Carwell, Reg. No. 28,499; Jeffirey S. LaBaw, Reg. No. 31,633; 
Douglas H. Lefeve, Reg. No. 26,193; Casimer K. Salys, Reg. No. 28,900; David A. Mims, Jr., Reg. 
No. 32,708; Mark E. McBumey, Reg. No. 33,114; Anthony V. England, Reg. No. 35,129; Volel 
Emile, Reg. No. 39,969; Leslie A. Van Leeuwen, Reg. No. 42,196; Christopher A. Hughes, Reg. No. 
26,914; Edward A. Pennington, Reg. No. 32,588; John E. Hoel, Reg. No. 26,279; Joseph C. 
Redmond, Jr., Reg. No. 18,753; Marilyn S. Dawkins, Reg. No. 31,140; Joseph P. Lally, Reg. No. 
38,947; and Raman N. Dewan, Reg. No. 38,787. 
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